1. Field
The invention relates to the field of data security. In particular, the present invention relates to a method and apparatus for generating cryptographic keys using a key matrix.
2. Background Art
In today's society, it is becoming more and more desirable to transmit digital information from one location to another in a manner that is clear and unambiguous to a legitimate receiver, but incomprehensible to any illegitimate recipients. Accordingly, such information is typically encrypted using one of two commonly used cryptographic techniques: public key cryptography and symmetric key cryptography.
In symmetric key cryptography, a commonly possessed, symmetric key is used to encrypt and decrypt a message transmitted between a legitimate sender and a receiver. Such encryption and decryption is performed through well-known conventional algorithms such as Data Encryption Standard (DES). Although symmetric key cryptography is computationally simple, it relies on both parties maintaining the secrecy of the symmetric key. Also, the management of symmetric keys tends to be complex. Simply stated, if each sender needs a different symmetric key to communicate with each legitimate receiver, it is difficult, if not impossible, for use by businesses having a large number of employees. For example, in a business of 1000 employees, a maximum of 499,500 (1000×999/2) keys would need to be managed, provided that each employee is capable of communicating with any another employee within the business.
In general, public key cryptography involves the use of a public key and a private key (collectively referred to as a “key pair”) which are two separate, but related keys. Normally, the public key is publicly available and widely used for encrypting a message directed to the owner of the key pair. The private key is maintained in confidence and usually is used for decryption of incoming encrypted message. As a result, public key cryptography tends to be more secure than symmetric key cryptography, but it is more cumbersome and computationally intensive. The intense computations tend to prevent consumer electronic devices and other lower performance devices from using public key cryptography.
Diffie-Hellman Key Exchange, a hybrid cryptographic technique developed in the late 1970s (U.S. Pat. No. 4,200,770), allows two or more parties to exchange information over a public channel to form a secret that is known by all parties involved, but of which eavesdroppers cannot infer. While generation and use of the “secret” achieves the simplicity of symmetric key cryptography, its calculation is also computationally intensive. Diffie-Hellman involves the calculation of the secret through modular exponents over very large prime modular fields (e.g., 1024-bit binary numbers).
On or around 1985, elliptic curve cryptography (ECC) was proposed. ECC involves the translation of cryptographic techniques from modular exponentiation to scalar multiplication over an elliptic curve over a finite field. ECC helped alleviate the mathematical strain of performing these cryptographic calculations on smaller-sized integers to provide, in theory, a comparable level of security as that of the modular exponentiation over much larger-sized prime fields. However, this is only a partial performance improvement over modular exponentiation, and it also adds further to the complexity of implementation due to the extensive mathematical calculations involved.
In light of the foregoing, it would be desirable to develop a cryptographic technique that provides the security advantages of public key cryptography without the disadvantages of being cumbersome and computationally intensive. Furthermore, it would be desirable for the cryptographic technique to seamlessly work with revocation protocols to protect the system from reverse-engineering attacks.